changeset 111:d0dad5610980

move to autoconf/automake/docbook
author carl
date Sun, 18 Dec 2005 15:16:25 -0800
parents 75c10deb3fe9
children 96b2eb7f25f5
files Makefile.am info/Makefile.am man/Makefile.am package xml/Makefile.am xml/dnsbl.in xml/sample.conf
diffstat 7 files changed, 129 insertions(+), 307 deletions(-) [+]
line wrap: on
line diff
--- a/Makefile.am	Sun Dec 18 15:16:25 2005 -0800
+++ b/Makefile.am	Sun Dec 18 15:16:25 2005 -0800
@@ -4,7 +4,7 @@
 dconfdir = $(sysconfdir)/dnsbl
 dconf_DATA = dnsbl.conf hosts-ignore.conf html-tags.conf tld.conf
 CLEANFILES = dnsbl xml/dnsbl xml/Makefile
-EXTRA_DIST = dnsbl.rc $(dconf_DATA) dnsbl.spec $(wildcard xml/h*) $(wildcard xml/M*) $(wildcard xml/s*)
+EXTRA_DIST = dnsbl.rc $(dconf_DATA) dnsbl.spec $(wildcard xml/h*) $(wildcard xml/M*) $(wildcard xml/d*)
 
 dnsbl: $(srcdir)/dnsbl.rc
 	   rm -f dnsbl
--- a/info/Makefile.am	Sun Dec 18 15:16:25 2005 -0800
+++ b/info/Makefile.am	Sun Dec 18 15:16:25 2005 -0800
@@ -1,2 +1,2 @@
-info_INFOS = syslog2iptables.texi
+info_INFOS = dnsbl.texi
 EXTRA_DIST = $(info_INFOS)
--- a/man/Makefile.am	Sun Dec 18 15:16:25 2005 -0800
+++ b/man/Makefile.am	Sun Dec 18 15:16:25 2005 -0800
@@ -1,2 +1,2 @@
-man_MANS = syslog2iptables.1 syslog2iptables.conf.5
+man_MANS = dnsbl.1 dnsbl.conf.5
 EXTRA_DIST = $(man_MANS)
--- a/package	Sun Dec 18 15:16:25 2005 -0800
+++ b/package	Sun Dec 18 15:16:25 2005 -0800
@@ -14,6 +14,7 @@
 # cp -a html/*html $web
 make distcheck >$distlog 2>&1
 if [ $? -eq 0 ]; then
+    ls -al xml
     exit
     if [ -f $BALL ]; then
         # expand locally to see the tarball
--- a/xml/Makefile.am	Sun Dec 18 15:16:25 2005 -0800
+++ b/xml/Makefile.am	Sun Dec 18 15:16:25 2005 -0800
@@ -1,10 +1,10 @@
-all: syslog2iptables
-	   cat header.xml  syslog2iptables >syslog2iptables.xml
-	   cat header.sgml syslog2iptables >syslog2iptables.sgml
+all: dnsbl
+	   cat header.xml  dnsbl >dnsbl.xml
+	   cat header.sgml dnsbl >dnsbl.sgml
 	   rm -f ../html/*html
 	   rm -f ../html/*pdf
-	   xmlto        -o ../man  man   syslog2iptables.xml
-	   xmlto        -o ../html xhtml syslog2iptables.xml
-	   xmlto        -o ../html pdf   syslog2iptables.xml
-	   docbook2texi -o ../info       syslog2iptables.sgml
-	   rm -f syslog2iptables.xml syslog2iptables.sgml
+	   xmlto        -o ../man  man   dnsbl.xml
+	   xmlto        -o ../html xhtml dnsbl.xml
+	   xmlto        -o ../html pdf   dnsbl.xml
+	   docbook2texi -o ../info       dnsbl.sgml
+	   rm -f dnsbl.xml dnsbl.sgml
--- a/xml/dnsbl.in	Sun Dec 18 15:16:25 2005 -0800
+++ b/xml/dnsbl.in	Sun Dec 18 15:16:25 2005 -0800
@@ -45,75 +45,100 @@
             <variablelist>
                 <varlistentry>
                     <term>-c</term>
-                    <listitem>
-                        <para>
+                    <listitem><para>
                             Load the configuration file, print a cannonical form
                             of the configuration on stdout, and exit.
-                       </para>
-                   </listitem>
+                    </para></listitem>
                 </varlistentry>
                 <varlistentry>
                     <term>-s</term>
-                    <listitem>
-                        <para>
+                    <listitem><para>
                             Stress test the configuration loading code by repeating
                             the load/free cycle in an infinite loop.
-                       </para>
-                   </listitem>
+                    </para></listitem>
                 </varlistentry>
                 <varlistentry>
                     <term>-d <replaceable class="parameter">n</replaceable></term>
-                    <listitem>
-                        <para>
+                    <listitem><para>
                             Set the debug level to <replaceable class="parameter">n</replaceable>.
-                        </para>
-                    </listitem>
+                    </para></listitem>
                 </varlistentry>
                 <varlistentry>
                     <term>-e <replaceable class="parameter">from|to</replaceable></term>
-                    <listitem>
-                        <para>
+                    <listitem><para>
                             Print the results of looking up the from and to addresses in the
                             current configuration. The | character is used to separate the from and to
                             addresses in the argument to the -e switch.
-                        </para>
-                    </listitem>
+                    </para></listitem>
                 </varlistentry>
                 <varlistentry>
                     <term>-r <replaceable class="parameter">local-domain-socket</replaceable></term>
-                    <listitem>
-                        <para>
+                    <listitem><para>
                             Set the local socket used for the connection to our own dns resolver processes.
-                        </para>
-                    </listitem>
+                    </para></listitem>
                 </varlistentry>
                 <varlistentry>
                     <term>-p <replaceable class="parameter">sendmail-socket</replaceable></term>
-                    <listitem>
-                        <para>
+                    <listitem><para>
                             Set the socket used for the milter connection to sendmail. This is either
                             "inet:port@ip-address" or "local:local-domain-socket-file-name".
-                        </para>
-                    </listitem>
+                    </para></listitem>
                 </varlistentry>
                 <varlistentry>
                     <term>-t <replaceable class="parameter">timeout</replaceable></term>
-                    <listitem>
-                        <para>
+                    <listitem><para>
                             Set the timeout in seconds used for communication with sendmail.
-                        </para>
-                    </listitem>
+                    </para></listitem>
                 </varlistentry>
             </variablelist>
         </refsect1>
 
-        <refsect1>
+        <refsect1 id='usage.1'>
             <title>Usage</title>
             <para><command>@PACKAGE@</command> -c</para>
             <para><command>@PACKAGE@</command> -s</para>
-            <para><command>@PACKAGE@</command> -d 2</para>
             <para><command>@PACKAGE@</command> -e'someone@aol.com|localname@mydomain.tld'</para>
-            <para><command>@PACKAGE@</command> -d 10 -r /var/run/dnsbl/dnsbl.resolver.sock -p local:/var/run/dnsbl/dnsbl.sock</para>
+            <para><command>@PACKAGE@</command> -d 10 -r resolver.sock -p local:dnsbl.sock</para>
+        </refsect1>
+
+        <refsect1 id='installation.1'>
+            <title>Installation</title>
+            <para>
+                This is now a standard GNU autoconf/automake installation, so the normal
+                "./configure; make; su; make install" works.  "make chkconfig" will
+                setup the init.d runlevel scripts.  Alternatively, you can use the
+                source or binary RPMs at <ulink
+                url="http://www.five-ten-sg.com/@PACKAGE@/packages">http://www.five-ten-sg.com/@PACKAGE@/packages</ulink>.
+            </para>
+            <para>
+                Note that this has ONLY been tested on Linux, specifically RedHat Linux.
+                In particular, this milter makes no attempt to understand IPv6.  Your
+                mileage will vary.  You will need at a minimum a C++ compiler with a
+                minimally thread safe STL implementation.  The distribution includes a
+                test.cpp program.  If it fails this milter won't work.  If it passes,
+                this milter might work.
+            </para>
+            <para>
+                Modify your sendmail.mc by removing all the "FEATURE(dnsbl" lines, add
+                the following line in your sendmail.mc and rebuild the .cf file
+            </para>
+            <para><screen>INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=C:30s;S:5m;R:5m;E:5m')</screen></para>
+            <para>
+                Modify the default <citerefentry>
+                <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
+                </citerefentry> configuration.
+            </para>
+        </refsect1>
+
+        <refsect1 id='configuration.1'>
+            <title>Configuration</title>
+            <para>
+                The configuration file is documented in <citerefentry>
+                <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
+                </citerefentry>.  Any change to the config file, or any file included
+                from that config file, will cause it to be reloaded within three
+                minutes.
+            </para>
         </refsect1>
 
         <refsect1 id='introduction.1'>
@@ -158,7 +183,7 @@
             </para>
         </refsect1>
 
-        <refsect1 id='todo.1'>
+        <refsect1 id='dcc.1'>
             <title>DCC Issues</title>
             <para>
                 If you are also using the <ulink
@@ -199,7 +224,7 @@
             </para>
         </refsect1>
 
-        <refsect1 id='todo.1'>
+        <refsect1 id='definitions.1'>
             <title>Definitions</title>
             <para>
                 CONTEXT - a collection of parameters that defines the filtering context
@@ -219,7 +244,7 @@
             </para>
         </refsect1>
 
-        <refsect1 id='todo.1'>
+        <refsect1 id='filtering.1'>
             <title>Filtering Procedure</title>
             <para>
                 If the client has authenticated with sendmail, the mail is accepted, the
@@ -228,7 +253,7 @@
                 recipient.
             </para>
             <orderedlist>
-                <listitem>
+                <listitem><para>
                     The envelope to email address is used to find an initial filtering
                     context.  We first look for a context that specified the full email
                     address in the env_to statement.  If that is not found, we look for a
@@ -237,8 +262,8 @@
                     that specified the user@ part of the envelope recipient in the env_to
                     statement.  If that is not found, we use the first top level context
                     defined in the config file.
-                </listitem>
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     The initial filtering context may redirect to a child context based on
                     the values in the initial context's env_from statement.  We look for [1)
                     the full envelope from email address, 2) the domain name part of the
@@ -246,35 +271,36 @@
                     in that context's env_from statement, with values that point to a child
                     context.  If such an entry is found, we switch to that child filtering
                     context.
-                </listitem>
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     We lookup [1) the full envelope from email address, 2) the domain name
                     part of the envelope from address, 3) the user@ part of the envelope
                     from address] in the filtering context env_from statement.  That results
                     in one of (white, black, unknown, inherit).
-                </listitem>
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     If the answer is black, mail to this recipient is rejected with "no such
                     user", and the dns lists are not checked.
-                </listitem>
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     If the answer is white, mail to this recipient is accepted and the dns
                     lists are not checked.
-                </listitem>
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     If the answer is unknown, we don't reject yet, but the dns lists will be
                     checked, and the content may be scanned.
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     If the answer is inherit, we repeat the envelope from search in the
                     parent context.
-                </listitem>
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     The dns lists specified in the filtering context are checked and the
                     mail is rejected if any list has an A record for the standard dns based
                     lookup scheme (reversed octets of the client followed by the dns
                     suffix).
-                </listitem>
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     If the mail has not been accepted or rejected yet, we look for a
                     verification context, which is the closest ancestor of the filtering
                     context that both specifies a verification host, and which covers the
@@ -284,13 +310,13 @@
                     values are passed to that verification host.  If we receive a 5xy
                     response those commands, we reject the current recipient with "no such
                     user".
-                </listitem>
-                <listitem>
+                </para></listitem>
+                <listitem><para>
                     If the mail has not been accepted or rejected yet, and the filtering
                     context enables content filtering, and this is the first such recipient
                     in this smtp transaction, we set the content filtering parameters from
                     this context, and enable content filtering for the body of this message.
-                </listitem>
+                </para></listitem>
             </orderedlist>
             <para>
                 If content filtering is enabled for this body, the mail text is decoded
@@ -305,17 +331,16 @@
             </para>
         </refsect1>
 
-        <refsect1>
+        <refsect1 id='access.1'>
             <title>Sendmail access vs. DNSBL</title>
             <para>
                 With the standard sendmail.mc dnsbl FEATURE, the dnsbl checks may be
                 suppressed by entries in the /etc/mail/access database.  For example,
                 suppose you control a /18 of address space, and have allocated some /24s
                 to some clients.  You have access entries like
-                <screen>
+<literallayout class="monospaced"><![CDATA[
                     192.168.4   OK
-                    192.168.17  OK
-                </screen>
+192.168.17  OK]]></literallayout>
             </para>
             <para>
                 to allow those clients to smarthost thru your mail server.  Now if one
@@ -342,43 +367,7 @@
             </para>
         </refsect1>
 
-        <refsect1>
-            <title>Installation and configuration</title>
-            <para>
-                This is a standard GNU autoconf/automake installation, so the normal
-                <screen>
-                    ./configure
-                    make
-                    su
-                    make install
-                </screen>
-                works. "make chkconfig" will setup the init.d runlevel scripts.
-            </para>
-            <para>
-                Note that this has ONLY been tested on Linux, specifically RedHat Linux.
-                In particular, this milter makes no attempt to understand IPv6.  Your
-                mileage will vary.  You will need at a minimum a C++ compiler with a
-                minimally thread safe STL implementation.  The distribution includes a
-                test.cpp program.  If it fails this milter won't work.  If it passes,
-                this milter might work.
-            </para>
-            <para>
-                Modify your sendmail.mc by removing all the "FEATURE(dnsbl" lines, add
-                the following line in your sendmail.mc and rebuild the .cf file
-            </para>
-            <para>
-                <screen>
-                    INPUT_MAIL_FILTER(`dnsbl', `S=local:/var/run/dnsbl/dnsbl.sock, F=T, T=C:30s;S:5m;R:5m;E:5m')
-                </screen>
-            </para>
-            <para>
-                Modify the default <citerefentry>
-                <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
-                </citerefentry> configuration.
-            </para>
-
-
-        <refsect1 id='todo.1'>
+        <refsect1 id='performance.1'>
             <title>Performance Issues</title>
             <para>
                 Consider a high volume high performance machine running sendmail.  Each
@@ -409,17 +398,16 @@
         </refsect1>
 
 
-        <refsect1 id='todo.1'>
+        <refsect1 id='rejected.1'>
             <title>Rejected Ideas</title>
             <para>
                 The following ideas have been considered and rejected.
             </para>
             <para>
-                Add max_recipients for each mail domain to the configuration.
-                Recipients in excess of that limit will be rejected, and all the
-                recipients in that domain will be removed if there are some other
-                whitelisted recipients.  Current spammers *very* rarely send more than
-                ten recipients in a single smtp transaction, so this won't stop any
+                Add max_recipients setting to the context configuration.  Recipients in
+                excess of that limit will be rejected, and all the non-whitelisted
+                recipients will be removed.  Current spammers *very* rarely send more
+                than ten recipients in a single smtp transaction, so this won't stop any
                 significant amount of spam.
             </para>
             <para>
@@ -454,18 +442,7 @@
             </para>
         </refsect1>
 
-        <refsect1>
-            <title>Configuration</title>
-            <para>
-                The configuration file is documented in <citerefentry>
-                <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
-                </citerefentry>.  Any change to the config file, or any file included
-                from that config file, will cause it to be reloaded within three
-                minutes.
-            </para>
-        </refsect1>
-
-        <refsect1>
+        <refsect1 id='copyright.1'>
             <title>Copyright</title>
             <para>
                 Copyright (C) 2005 by 510 Software Group &lt;carl@five-ten-sg.com&gt;
@@ -483,7 +460,8 @@
             </para>
         </refsect1>
 
-        <refsect1>
+        <refsect1 id='version.1'>
+            <title>CVS Version</title>
             <para>
                 $Id$
             </para>
@@ -504,7 +482,7 @@
 
         <refnamediv id='name.5'>
             <refname>@PACKAGE@.conf</refname>
-            <refpurpose>configuration file for @PACKAGE@</refpurpose>
+            <refpurpose>configuration file for @PACKAGE@ sendmail milter</refpurpose>
         </refnamediv>
 
         <refsynopsisdiv id='synopsis.5'>
@@ -522,23 +500,27 @@
             <literallayout class="monospaced"><![CDATA[
 CONFIG     = {CONTEXT ";"}+
 CONTEXT    = "context" NAME "{" {STATEMENT}+ "}"
-STATEMENT  = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | VERIFY | CONTEXT | ENV-FROM) ";"
+STATEMENT  = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | VERIFY |
+                                           CONTEXT | ENV-FROM) ";"
 
 DNSBL      = "dnsbl" NAME DNSPREFIX ERROR-MSG
 
 DNSBLLIST  = "dnsbl_list" {NAME}+
 
 CONTENT    = "content" ("on" | "off") "{" {CONTENT-ST}+ "}"
-CONTENT-ST = (FILTER | IGNORE | TLD | HTML-TAGS | HTML-LIMIT | HOST-LIMIT) ";"
+CONTENT-ST = (FILTER | IGNORE | TLD | HTML-TAGS | HTML-LIMIT |
+                                                  HOST-LIMIT) ";"
 FILTER     = "filter" DNSPREFIX ERROR-MSG
 IGNORE     = "ignore"     "{" {HOSTNAME [";"]}+ "}"
 TLD        = "tld"        "{" {TLD      [";"]}+ "}"
 HTML-TAGS  = "html_tags"  "{" {HTMLTAG  [";"]}+ "}"
-ERROR-MSG  = string containing exactly two %s replacement tokens for the client ip address
+ERROR-MSG  = string containing exactly two %s replacement tokens
+             for the client ip address
 
 HTML-LIMIT = "html_limit" ("on" INTEGER ERROR-MSG | "off")
 
-HOST-LIMIT = "host_limit" ("on" INTEGER ERROR-MSG | "off" | "soft" INTEGER)
+HOST-LIMIT = "host_limit" ("on" INTEGER ERROR-MSG | "off" |
+                                                    "soft" INTEGER)
 
 ENV-TO     = "env_to"     "{" {(TO-ADDR | DCC-TO)}+ "}"
 TO-ADDR    = ADDRESS [";"]
@@ -679,7 +661,8 @@
 };]]></literallayout>
         </refsect1>
 
-        <refsect1>
+        <refsect1 id='version.5'>
+            <title>CVS Version</title>
             <para>
                 $Id$
             </para>
--- a/xml/sample.conf	Sun Dec 18 15:16:25 2005 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,163 +0,0 @@
-# $Id$
-#
-
-# Partial bnf description of this configuration language. Any sequence of
-# three tokens ("include" FILENAME ";") are replaced by the content of the
-# specified file.
-#
-#
-# CONFIG            = {CONTEXT ";"}+
-# CONTEXT           = "context" NAME "{" {STATEMENT}+ "}"
-# STATEMENT         = (DNSBL | DNSBLLIST | CONTENT | ENV-TO | VERIFY | CONTEXT | ENV-FROM) ";"
-
-# DNSBL             = "dnsbl" NAME DNSPREFIX ERROR-MSG
-
-# DNSBLLIST         = "dnsbl_list" {NAME}+
-
-# CONTENT           = "content" ("on" | "off") "{" {CONTENT-STATEMENT}+ "}"
-# CONTENT-STATEMENT = (FILTER | IGNORE | TLD | HTML-TAGS | HTML-LIMIT | HOST-LIMIT) ";"
-# FILTER            = "filter" DNSPREFIX ERROR-MSG
-# IGNORE            = "ignore"     "{" {HOSTNAME [";"]}+ "}"
-# TLD               = "tld"        "{" {TLD      [";"]}+ "}"
-# HTML-TAGS         = "html_tags"  "{" {HTMLTAG  [";"]}+ "}"
-# ERROR-MSG         = string containing exactly two %s replacement tokens for the client ip address
-
-# HTML-LIMIT        = "html_limit" ("on" INTEGER ERROR-MSG | "off")
-
-# HOST-LIMIT        = "host_limit" ("on" INTEGER ERROR-MSG | "off" | "soft" INTEGER)
-
-# ENV-TO            = "env_to"     "{" {(TO-ADDR | DCC-TO)}+ "}"
-# TO-ADDR           = ADDRESS [";"]
-# DCC-TO            = "dcc_to" ("ok" | "many") "{" DCCINCLUDEFILE "}" ";"
-
-# VERIFY            = "verify" HOSTNAME ";"
-
-# ENV_FROM          = "env_from" [DEFAULT] "{" {(FROM-ADDR | DCC-FROM)}+ "}"
-# FROM-ADDR         = ADDRESS VALUE [";"]
-# DCC-FROM          = "dcc_from" "{" DCCINCLUDEFILE "}" ";"
-# DEFAULT           = ("white" | "black" | "unknown" | "inherit" | "")
-# ADDRESS           = (USER@ | DOMAIN | USER@DOMAIN)
-# VALUE             = ("white" | "black" | "unknown" | CHILD-CONTEXT-NAME)
-
-
-context sample {
-    dnsbl   local   blackholes.five-ten-sg.com  "Mail from %s rejected - local; see http://www.five-ten-sg.com/blackhole.php?%s";
-    dnsbl   sbl     sbl-xbl.spamhaus.org        "Mail from %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
-    dnsbl   xbl     xbl.spamhaus.org            "Mail from %s rejected - xbl; see http://www.spamhaus.org/query/bl?ip=%s";
-    dnsbl   dul     dul.dnsbl.sorbs.net         "Mail from %s rejected - dul; see http://www.sorbs.net/lookup.shtml?%s";
-    dnsbl_list  local sbl dul;
-
-    content on {
-        filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
-        ignore    { include "hosts-ignore.conf"; };
-        tld       { include "tld.conf"; };
-        html_tags { include "html-tags.conf"; };
-        html_limit on 20 "Mail containing excessive bad html tags rejected";
-        html_limit off;
-        host_limit on 20 "Mail containing excessive host names rejected";
-        host_limit soft 20;
-    };
-
-    env_to {
-        # child contexts are not allowed to specify recipient addresses outside these domains
-        # leave this outer global context env_to empty to allow arbitrary recipients in child contexts
-        mydomain.com;
-        customer1.com;
-        customer1a.com;
-        customer1b.com;
-        customer2.com;
-        customer2a.com;
-        customer2b.com;
-    };
-
-    context whitelist {
-        content off {};
-        env_to {
-            # dcc_to ok { include "/var/dcc/whitecommon"; };    # copy the dcc OK values (env_to) into this context
-        };
-        env_from white {};      # white forces all unmatched from addresses (everyone in this case) to be whitelisted
-                                # so all mail TO these env_to addresses is accepted
-    };
-
-    context abuse {
-        dnsbl_list xbl;
-        content off {};
-        env_to {
-            abuse@;             # no content filtering on abuse reports
-            postmaster@;        # ""
-        };
-        env_from unknown {};    # ignore all parent white/black listing
-    };
-
-    context minimal {
-        dnsbl_list sbl dul;
-        content on {};
-        env_to {
-            sales@mydomain.com;
-        };
-    };
-
-    context blacklist {
-        env_to {
-            dcc_to many { include "/var/dcc/whitecommon"; };    # copy the dcc MANY values (env_to) into this context
-            old-employee@mydomain.com;
-        };
-        env_from black {};      # black forces all unmatched from addresses (everyone in this case) to be blacklisted
-                                # so all mail TO these env_to addresses is rejected
-    };
-
-    context vp {    # special context for the vp
-        env_to {
-            vp@mydomain.com;
-        };
-        env_from inherit {
-            nai.com                 black;      # the vp does not like nai
-            yahoo.com               unknown;    # override parent context blacklisting
-            mother@spammyisp.com    white;      # suppress dnsbl checking
-        };
-    };
-
-    context customer1 {
-        dnsbl_list sbl dul;
-        env_to {
-            customer1.com;
-            customer1a.com;
-            customer1b.com;
-        };
-
-        verify mail.customer1.com;
-
-        context customer1a {
-            env_to {
-                customer1a.com;
-            }
-            env_from black {                        # blacklist everything
-                first@acceptable.com    unknown;    # except these specific envelope senders
-                second@another.com      unknown;
-                yahoo.com               inherit;    # delegate to the parent
-            };
-        };
-
-        env_from {  # default value of the default is inherit
-            yahoo.com           black;      # no mail from yahoo
-            first@yahoo.com     unknown;    # except this one
-        };
-    };
-
-    context customer2 {
-        dnsbl_list sbl;
-        env_to {
-            customer2.com;
-            customer2a.com;
-            customer2b.com;
-        };
-    };
-
-    env_from unknown {
-        dcc_from { include "/var/dcc/whitecommon"; };   # copy the dcc OK/MANY values (env_from, substitute mail_host) into this context
-        abuse@              abuse;      # replies to abuse reports use the abuse context
-        yahoo.com           black;      # don't take mail from yahoo
-        spammer@example.com black;
-    };
-};
-